Cybersecurity Investments Needed to Protect Healthcare Industry, Patients
September 8, 2020
Virtual Conference October 21, 2020 Features Expert with
Critical Advice
While the healthcare industry is expected to spend $65 billion
from 2017 to 2021 on cybersecurity products, many hospitals will
continue to be at risk of cyberattacks, which will cause damages
that could cost as much as $6 trillion by next year. This is a
significant increase from $3 trillion in 2015, according to an
April 2020 report by Cybersecurity Ventures. The following
statistics back up these predictions: The healthcare industry
endured two to three times more cyberattacks in 2019 than
other industries, and healthcare data breaches affected more than
41 million patient records last year, a 196% increase from 2018.
"The amount of sensitive information held by healthcare
organizations makes them more appealing to attackers and,
therefore, more vulnerable," explained Daniel Eliot, Director of
Education & Strategic Initiatives at the National Cyber
Security Alliance. He added that the increased reliance on
telemedicine raises additional security risks. "Connections
should be secure and encrypted. From a small healthcare facility
to the largest hospital, all are at the top of the list of
targets," he stressed.
"There is a lack of investment in cybersecurity as a whole,
whether it's not hiring qualified staff or not seeking
information technology [IT] security vendors. One challenge of
cybersecurity is that it's not as tangible as fire, flood and
other threats. You can't see it and it sneaks up on you quickly,"
Eliot said.
To help organizations understand cybersecurity, make the best
investments to reduce risk of cyberattacks and mitigate the
impact of any invasions that may occur, Eliot will deliver the
keynote presentation, Converting Awareness into Action: It
Begins with Culture, during the New Jersey Association of
Mental Health and Addiction Agencies' (NJAMHAA's) IT Project's
conference, No Fooling: IT is Critical!, which will be
held virtually on October 21, 2020.
According to Eliot, when companies invest in cybersecurity, there
is often a misalignment of funding. "Many organizations spend a
lot on technology, such as firewalls and virtual private
networks, and believe they'll be secure. We underestimate the
human elements and the need for training. Once cybercriminals
get past a firewall, employees
click on harmful links in e-mails," he said, emphasizing that
three elements are critical for having better security: employees
who are well trained, solid processes and effective
technology.
June Noto, NJAMHAA's Vice President of Information Technology,
Human Resources and Administrative Services, reinforced the
importance of training. "Education is the singular most important
tool that any employer can implement. Sure, there are firewalls
and routers, and anti-virus and anti-malware software, but
nothing, except education and awareness, can protect end users
from scammers," she said.
However, training and education are just part of the picture. The
focus on cybersecurity needs to be integral to every
organization's culture.
"Cybersecurity is a resilience-based topic, and these topics are
not as sexy as generating leads or getting more customers or
capital. Organizations tend to think of risk and resilience only
one time a year or when something happens and they have to
address it. Reducing risk and building resilience need to be part
of every organization's culture," Eliot stated.
To further reinforce the importance of employee training and
buy-in, Eliot stated, "It's not always malicious actors who bring
threats to healthcare organizations. Sometimes, it's internal
actors who make mistakes, for example, accidentally sending
patient records to the wrong recipients. This happens a lot in
health care. Organizations need to reduce risks inside their
organizations, which are present in potential mistakes, as well
as disgruntled employees and contractors."
Please visit www.njamhaa.org/events for links to details and
online registration for the conference, No Fooling: IT is
Critical!, which will be held virtually on October 21,
2020.
"When it comes to culture, compliance with laws, regulations and
industry standards doesn't mean security, and employees'
awareness doesn't necessarily mean they'll care," Eliot warned.
During his presentation, he will explain how to develop and
implement awareness campaigns that motivate individuals to help
reduce risk. "Every employee has a role in protecting the
enterprise. Everyone must be equipped with knowledge, tools and
resources to do that," he stressed.